Equifax team accidentally sent some people to a phishing website

Andrew Cummings
September 21, 2017

Thankfully, the maker of the spoofed site seems more interested in calling out Equifax for their incompetence than stealing the personal information of unsuspecting victims.

For almost two weeks, however, Equifax's official Twitter account has been directing some users to securityequifax2017.com - a fake, copycat version of its help page created by a concerned software developer, rather than the real response website.

Equifax, like many companies, handles customer service and complaints through its Twitter account.

Luckily, the site on securityequifax2017.com was created by developer Nick Sweeting, who had no intention of harvesting users' information.

A phishing website is a website that is created to look visually similar to the website someone is looking for, and is usually meant to steal information. "Tweet to @equifax to get them to change it to equifax.com before thousands of people loose [sic] their info to phishing sites!" The links have been deleted, but screenshots show it was not a one-time flub.

Following a data breach of this size, it's not unusual to see websites pop up that mimic official help pages. "Consumers should be aware of fake websites purporting to be operated by Equifax". Soon after it launched, some browsers flagged it as a phishing site.

Experts pointed out that hackers and others could purchase very similar domains, set up a website that looks official, and then seed the website URL out into the wild, hoping to lure in unsuspecting victims.

"Equifaxsecurity2017.com", on the other hand, looks so unofficial that Mr. Telang said even he had been unsure at first whether it was safe to enter his information.

The official domain address is "equifaxsecurity2017.com" whereas Sweeting's version is "securityequifax2017.com".

After every major data breach, criminals create clone websites to mine for user data.

Asked about his reaction to the blunder, he responded, "Honestly I'm not really surprised". "It only took me 20 minutes to build my clone". He used a simple content retrieval tool, the wget computer program, to copy Equifax's real website and host it on his own. The site has received 2,000 hits over the last few days, according to CNN. The non-malicious creator of the imposter site was out to prove a point about Equifax's model for post-breach consumer assistance.

"Their response to this incident leaves millions vulnerable to phishing attacks on copycat sites", the fake website states.

Other reports by iNewsToday